Chosen as one of Mashable's top three for staying anonymous online, NordVPN is a choice backed by much of Reddit. It's made for fast streaming and torrenting, P2P and non P2P options, and is one VPN that can actually bypass the American Netflix block anywhere in the world. Plus, a single NordVPN login can be used on up to six devices simultaneously, so sharing the perks and splitting the price is a major bonus for savvier internet users. Reddit user ambillop writes:
Ideally, every VPN service provider would subject itself to independent audits to verify that it logs and operates as it claims. Right now, audits aren’t common practice in the VPN industry, though there’s a push to change that. Joseph Jerome, policy counsel at the Center for Democracy & Technology, told us about that group’s efforts to bring transparency to the VPN industry: “We would like to see security audits released publicly so security researchers can review them and attest to their veracity, as well as learn from the issues being identified.” The few companies we found that currently performed these types of audits had other dismissal-worthy failings, despite their valiant efforts toward transparency. And while such reports may increase your confidence when you’re shopping, there’s no guarantee that an audit makes a VPN service trustworthy: In other industries, conflicts of interest have led auditors and rating agencies (PDF) to miss or ignore major problems.
When we test VPNs, we generally start with the Windows client. This is often the most complete review, covering several different platforms as well as the service's features and pricing in depth. That's purely out of necessity, since most of our readers use Windows (although this writer is currently using a MacBook Air). We currently use a Lenovo ThinkPad T460s laptop running the latest version of Windows 10. We periodically upgrade to a newer machine, in order to simulate what most users experience.
VPN.ac is a security-focused provider that is based in Romania. It was created by a team of network security professionals with an emphasis on security, strong encryption, and high-quality applications. Their network is composed entirely of dedicated, bare-metal servers that offer great performance, as seen in the latest speed tests for the VPN.ac review.
TorGuard’s signup and payment process is also fine but not stellar. Compared with that of IVPN, the checkout process is clunky, and using a credit or debit card requires entering more personal information than with our top pick. The easiest option for anonymous payments is a prepaid debit card bought locally. Otherwise, like most providers, TorGuard accepts a variety of cryptocurrencies, PayPal, and foreign payments through Paymentwall. That last service also allows you to submit payment through gift cards from other major retailers. We don’t think this method is worth the hassle for most people, but if you have some money on a fast-food gift card you don’t want, turning it into a VPN service is a nice option.
VPN services, while tremendously helpful, are not foolproof. There's no magic bullet (or magic armor) when it comes to security. A determined adversary can almost always breach your defenses in one way or another. Using a VPN can't help if you unwisely download ransomware on a visit to the Dark Web, or if you are tricked into giving up your data to a phishing attack.
Protocol: When you’re researching a VPN, you’ll see terms like SSL/TLS (sometimes referred to as OpenVPN support,) PPTP, IPSec, L2TP, and other VPN types. We asked Samara Lynn, Lead Analyst for Networking and Small Business at PCMag, whether or not a user shopping for a VPN should shop for one over another. “SSL is what is commonly used these days. All of these protocols will provide a secure connection,” she explained, and pointed out that most solutions are invisible to the end-user anyway. Strictly, each protocol has its benefits and drawbacks, and if you’re concerned about this (specifically, PPTP vulnerabilities,) you’re probably already aware of them. Most users don’t need to be concerned about this—corporate users on the other hand, are probably all using IPSec or SSL clients anyway.